Skill flagged — suspicious patterns detected

ClawHub Security flagged this skill as suspicious. Review the scan results before using.

Ai Company Cto

v2.0.0

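AI company Chief Technology Officer (CTO) skill pack. An architect and governor of agent systems that designs, deploys, and optimizes autonomous AI-agent collaboration systems, ensuring 7×24 automated operation. Covers the MLOps lifecycle, security and compliance hardening, human-machine collaborative evolution, the technology investment portfolio, and risk management and control.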

License: MIT-0 · Free to use, modify, and redistribute. No attribution required.
Security Scan
VirusTotal: Benign
OpenClaw: Suspicious (medium confidence)
Purpose & Capability
The name, description, and long SKILL.md all describe an AI CTO/orchestrator role (architecture, governance, multi-agent orchestration). Declared dependencies on other corporate skills (CEO, CISO, etc.) and the permissions for orchestration are consistent with that purpose. However there are small metadata inconsistencies (meta.json and _meta.json report version 1.1.0 while the registry shows 2.0.0, and author/owner fields don't clearly match), which reduces confidence in provenance.
Instruction Scope
The SKILL.md is a broad, operational playbook that describes phases where agents may perform writes, take remediation actions (interrupt services, rollback), and manage access. The runtime interface requires only a 'task' input, giving the agent broad discretion. The file/network/mcp permissions combined with vague operational guidance means the skill could be used to read/write files, call external APIs, spawn subagents, or take impactful actions unless external controls enforce approvals. The SKILL.md refers to 'forced manual approval' and gated phases, but those are descriptive rather than an enforceable constraint in the instruction-only bundle.
Install Mechanism
No install spec and no code files — it's instruction-only. That minimizes disk-level supply-chain risk because nothing will be downloaded or executed by an installer.
Credentials
No credentials or environment variables are requested (good). But the declared runtime permissions (files: read/write; network: api; mcp: sessions_send, subagents) are relatively powerful. For an orchestration/CTO role these permissions can be justified, but they are also high-impact (especially subagent creation and file writes). The skill asks for broad capabilities without declaring more granular limits or required approval gates.
Persistence & Privilege
always:false (not force-included) and autonomous invocation is allowed (default). The notable privilege is mcp:subagents (ability to spawn/coordinate subagents) and sessions_send which increases runtime blast radius. The skill does not request persistent system-wide modifications in the bundle itself, but at runtime it could create subagents that remain active — exercise caution and require admin oversight if enabling.
What to consider before installing
This skill reads like a sensible CTO playbook but grants broad runtime powers (file read/write, API/network calls, and the ability to spawn/send to subagents). Before installing:
1) Verify the skill's provenance (owner, vetter claims, homepage) and fix the metadata/version inconsistencies.
2) Apply least-privilege: restrict file write and network scopes, or require explicit human approval for any 'high-risk' actions.
3) If you enable subagent creation, do so in a sandboxed environment and log/audit all subagent activity.
4) Confirm that dependent skills (CEO/CISO/etc.) are trustworthy.
If you cannot verify origin or implement enforced approval gates, consider marking this skill as advisory-only (no write/network/mcp permissions) rather than granting it live execution privileges.

Like a lobster shell, security has layers — review code before you run it.


Runtime requirements

⚙️ Clawdis
OS: Linux · macOS · Windows
